cURL Command Cheatsheet
cURL is a command-line network transfer tool, pre-installed on virtually every Linux and macOS system. This cheatsheet covers the most commonly used curl commands — from basic GET requests to advanced proxy configuration and debugging tips — each with practical examples. Whether you're debugging APIs or batch-downloading files, this guide has you covered.
Quick Reference
| Task | Command |
| Send a GET request | curl https://api.example.com |
| Send a POST request | curl -X POST -d 'key=val' URL |
| Set a header | curl -H "Authorization: Bearer TOKEN" URL |
| Download a file | curl -O url or curl -o output url |
| Debug request process | curl -v URL |
| Send JSON data | curl -X POST -H 'Content-Type: application/json' -d '{"key":"val"}' URL |
| Upload a file | curl -F "file=@photo.jpg" URL |
| Use a proxy | curl -x http://proxy:8080 URL |
Request Methods
``bash
# GET request (default)
curl https://api.github.com/users/octocat
# POST request curl -X POST https://httpbin.org/post \ -d "username=alice&password=secret"
# POST with JSON curl -X POST https://httpbin.org/post \ -H "Content-Type: application/json" \ -d '{"name":"Alice","email":"alice@example.com"}'
# PUT request (update resource) curl -X PUT https://api.example.com/users/1 \ -H "Content-Type: application/json" \ -d '{"name":"Alice Updated"}'
# DELETE request curl -X DELETE https://api.example.com/users/1
# PATCH request (partial update) curl -X PATCH https://api.example.com/users/1 \ -H "Content-Type: application/json" \ -d '{"email":"new@example.com"}'
# HEAD request (response headers only) curl -I https://example.com
# OPTIONS request (see supported methods)
curl -X OPTIONS https://api.example.com -i
`
Headers
`bash
# Set a custom header
curl -H "Accept: application/json" https://api.example.com
# Multiple headers curl -H "Accept: application/json" \ -H "Authorization: Bearer token123" \ -H "X-Custom-Header: custom-value" \ https://api.example.com
# Set User-Agent curl -A "Mozilla/5.0 (Linux; Android 13) Chrome/120" \ https://example.com
# Set Referer curl -e "https://google.com" https://example.com
# Include response headers in output (-i) curl -i https://example.com
# View response headers only (-I sends HEAD request) curl -I https://example.com
# Custom Cookie header curl -H "Cookie: sessionId=abc123; theme=dark" \ https://example.com
# Range request (download partial content)
curl -r 0-1023 https://example.com/file.zip
`
Authentication
`bash
# Basic Auth (username:password)
curl -u "alice:password123" https://api.example.com/secure
# Basic Auth (prompt for password, more secure) curl -u "alice" https://api.example.com/secure
# Bearer Token (JWT / OAuth2) curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..." \ https://api.example.com/protected
# Digest Authentication curl --digest -u "alice:password" \ https://api.example.com/digest-auth
# .netrc file authentication # In ~/.netrc add: # machine api.example.com login alice password secret curl -n https://api.example.com/secure
# Client Certificate (mTLS) curl --cert client.pem --key client-key.pem \ https://api.example.com/mtls
# OAuth2 Client Credentials flow curl -X POST https://auth.example.com/oauth/token \ -d "grant_type=client_credentials" \ -d "client_id=myapp" \ -d "client_secret=mysecret"
# API Key (query parameter)
curl "https://api.example.com/data?api_key=sk-xxxxx"
`
File Upload
`bash
# Upload file via form (multipart/form-data)
curl -F "file=@report.pdf" \
-F "title=Annual Report" \
https://api.example.com/upload
# Upload file with MIME type curl -F "image=@photo.jpg;type=image/jpeg" \ https://api.example.com/upload
# PUT upload (raw binary) curl -T report.pdf \ -H "Content-Type: application/pdf" \ https://api.example.com/documents/report.pdf
# Download file (preserve original name) curl -O https://example.com/file.zip
# Download file (specify output name) curl -o output.txt https://example.com/data.json
# Resume download curl -C - -O https://example.com/large-file.iso
# Rate limit download speed curl --limit-rate 1M -O https://example.com/big-file.zip
# FTP upload curl -T file.txt ftp://ftp.example.com/upload/ \ --user "alice:password"
# FTP download curl ftp://ftp.example.com/file.txt --user "alice:password"
# Large file download (follow redirects)
curl -L -O https://example.com/latest-release.tar.gz
`
Debug & Diagnostics
`bash
# Verbose mode (view request and response headers)
curl -v https://api.example.com
# Trace full request (including SSL handshake) curl --trace-ascii trace.log https://api.example.com
# Binary trace (most detailed debug mode) curl --trace trace.bin https://api.example.com
# Time statistics with -w curl -w "\nTime breakdown:\n\ DNS lookup: %{time_namelookup}s\n\ TCP connect: %{time_connect}s\n\ TLS handshake: %{time_appconnect}s\n\ TTFB: %{time_starttransfer}s\n\ Total time: %{time_total}s\n\ Downloaded: %{size_download} bytes\n\ HTTP status: %{http_code}\n" \ -o /dev/null -s https://api.example.com
# Connection timeout curl --connect-timeout 10 --max-time 30 \ https://example.com
# Silent mode (no progress bar or errors) curl -s https://api.example.com
# Silent but show errors curl -sS https://api.example.com
# Get HTTP status code only curl -s -o /dev/null -w "%{http_code}" \ https://api.example.com
# Follow redirects (max 5) curl -L --max-redirs 5 https://httpbin.org/redirect/3
# Skip SSL verification (dev/test only) curl -k https://self-signed.example.com
# Specify CA certificate file curl --cacert /path/to/ca-bundle.crt \ https://api.example.com
# Specify TLS version curl --tlsv1.2 https://secure.example.com
# Custom DNS resolution (bypass DNS) curl --resolve "example.com:443:127.0.0.1" \ https://example.com
# Health check (status code only)
curl -s -o /dev/null -w "%{http_code}" \
https://api.example.com/health
`
Cookie Management
`bash
# Send Cookie as header
curl -H "Cookie: session=abc123; user=alice" \
https://example.com
# Save server Set-Cookie to file (cookie jar) curl -c cookies.txt https://example.com/login
# Load cookies from file and send curl -b cookies.txt https://example.com/dashboard
# Save and load cookies simultaneously (session persistence) curl -c cookies.txt -b cookies.txt \ https://example.com/login
# Login then use cookie for subsequent requests curl -c session.txt -X POST \ -d "username=alice&password=secret" \ https://api.example.com/auth/login
curl -b session.txt \ https://api.example.com/user/profile
# Ignore cookies (don't persist any) curl --no-cookie https://example.com
# Empty cookie (send empty Cookie header)
curl -b "NONE" https://example.com
`
Proxy Configuration
`bash
# HTTP proxy
curl -x http://proxy.example.com:8080 \
https://api.example.com
# HTTPS proxy curl -x https://proxy.example.com:443 \ https://api.example.com
# SOCKS5 proxy curl --socks5 127.0.0.1:1080 \ https://api.example.com
# SOCKS5 with DNS resolution through proxy curl --socks5-hostname 127.0.0.1:1080 \ https://api.example.com
# SOCKS4 proxy curl --socks4 127.0.0.1:1080 \ https://api.example.com
# Authenticated proxy curl -x http://proxy.example.com:8080 \ --proxy-user "user:password" \ https://api.example.com
# Bypass proxy (direct connection) curl --noproxy "localhost,127.0.0.1,*.local" \ https://api.example.com
# Use proxy from environment variables # export http_proxy=http://proxy:8080 # export https_proxy=http://proxy:8080 curl https://api.example.com
# Ignore environment proxy settings curl --noproxy "*" https://api.example.com ``
Request Methods(7)
| Command | Level | ||
|---|---|---|---|
curl <url>Send a GET request (default method) | Basic | curl https://api.github.com/users/octocat | |
curl -X POSTSend a POST request | Basic | curl -X POST https://httpbin.org/post -d "key=val" | |
curl -X PUTSend a PUT request (update a resource) | Intermediate | curl -X PUT https://api.example.com/users/1 -d "{\"name\":\"Alice\"}" | |
curl -X DELETESend a DELETE request | Intermediate | curl -X DELETE https://api.example.com/users/1 | |
curl -X PATCHSend a PATCH request (partial update) | Intermediate | curl -X PATCH https://api.example.com/users/1 -d "{\"email\":\"new@example.com\"}" | |
curl -ISend a HEAD request (response headers only) | Basic | curl -I https://example.com | |
curl -X OPTIONSSend an OPTIONS request (see supported methods) | Intermediate | curl -X OPTIONS https://api.example.com -i |
Headers(4)
| Command | Level | ||
|---|---|---|---|
curl -HSet a custom request header | Basic | curl -H "Accept: application/json" https://api.example.com | |
curl -ASet the User-Agent header | Basic | curl -A "Mozilla/5.0 (Linux; Android 13)" https://example.com | |
curl -eSet the Referer header | Intermediate | curl -e "https://google.com" https://example.com | |
curl -iInclude response headers in output | Basic | curl -i https://example.com |
Authentication(4)
| Command | Level | ||
|---|---|---|---|
curl -uHTTP Basic authentication | Basic | curl -u "alice:password123" https://api.example.com/secure | |
curl -H "Authorization: Bearer <token>"Bearer Token authentication (JWT / OAuth2) | Intermediate | curl -H "Authorization: Bearer eyJhbGci..." https://api.example.com/protected | |
curl --digestHTTP Digest authentication | Intermediate | curl --digest -u "alice:password" https://api.example.com/digest-auth | |
curl -nUse .netrc file for authentication | Intermediate | curl -n https://api.example.com/secure |
File Upload(8)
| Command | Level | ||
|---|---|---|---|
curl -FMultipart form file upload | Intermediate | curl -F "file=@report.pdf" -F "title=Report" https://api.example.com/upload | |
curl -TPUT file upload (raw binary content) | Intermediate | curl -T report.pdf -H "Content-Type: application/pdf" https://api.example.com/doc.pdf | |
curl -ODownload file preserving the original filename | Basic | curl -O https://example.com/file.zip | |
curl -oDownload file with a custom output filename | Basic | curl -o output.txt https://example.com/data.json | |
curl -C -Resume a download | Intermediate | curl -C - -O https://example.com/large-file.iso | |
curl --limit-rateLimit download/upload speed | Intermediate | curl --limit-rate 1M -O https://example.com/big-file.zip | |
curl -T ftp://Upload file via FTP | Intermediate | curl -T file.txt ftp://ftp.example.com/ --user "alice:password" | |
curl -L -OFollow redirects while downloading | Basic | curl -L -O https://example.com/latest-release.tar.gz |
Debug(8)
| Command | Level | ||
|---|---|---|---|
curl -vVerbose mode — show request and response headers | Basic | curl -v https://api.example.com | |
curl --trace-asciiTrace request details (including SSL handshake) | Intermediate | curl --trace-ascii trace.log https://api.example.com | |
curl -wCustom output format (time statistics, etc.) | Intermediate | curl -w "%{http_code} %{time_total}s" -o /dev/null -s https://example.com | |
curl --connect-timeout --max-timeSet connection timeout and max request time | Intermediate | curl --connect-timeout 10 --max-time 30 https://example.com | |
curl -s / -sSSilent mode (hide progress bar) | Basic | curl -sS https://api.example.com | |
curl -kSkip SSL certificate verification (dev/test only) | Intermediate | curl -k https://self-signed.example.com | |
curl -L --max-redirsFollow redirects with a max redirect limit | Intermediate | curl -L --max-redirs 5 https://httpbin.org/redirect/3 | |
curl --resolveCustom DNS resolution (force IP address) | Expert | curl --resolve "example.com:443:127.0.0.1" https://example.com |
Cookies(4)
| Command | Level | ||
|---|---|---|---|
curl -c <file>Save Set-Cookie headers to a cookie jar file | Intermediate | curl -c cookies.txt https://example.com/login | |
curl -b <file>Read cookies from file and send them | Intermediate | curl -b cookies.txt https://example.com/dashboard | |
curl -c <file> -b <file>Cookie session persistence (read and write simultaneously) | Intermediate | curl -c session.txt -b session.txt -d "user=alice&pass=secret" https://api.example.com/login | |
curl --no-cookieIgnore cookies (don't save or send) | Intermediate | curl --no-cookie https://example.com |
Proxy(5)
| Command | Level | ||
|---|---|---|---|
curl -x <proxy>Use an HTTP/HTTPS proxy | Intermediate | curl -x http://proxy.example.com:8080 https://api.example.com | |
curl --socks5Use a SOCKS5 proxy | Intermediate | curl --socks5 127.0.0.1:1080 https://api.example.com | |
curl --socks5-hostnameUse SOCKS5 proxy with DNS resolution through proxy | Intermediate | curl --socks5-hostname 127.0.0.1:1080 https://api.example.com | |
curl --proxy-userAuthenticated proxy connection | Intermediate | curl -x http://proxy:8080 --proxy-user "user:pass" https://api.example.com | |
curl --noproxyBypass proxy for specific domains (direct connection) | Intermediate | curl --noproxy "localhost,127.0.0.1,*.local" https://api.example.com |